dns/dnsdist: update to 1.9.4 (fixes CVE-2024-25581)

PR: 278954 Approved by: submitter is maintainer
freebsd · May 15, 2024 · 9422b76 · 9422b76
1 parent 519b9d1
commit 9422b76
Show file tree

Hide file tree

Showing 3 changed files with 37 additions and 5 deletions.
diff --git a/dns/dnsdist/Makefile b/dns/dnsdist/Makefile
@@ -1,5 +1,5 @@
 PORTNAME=	dnsdist
-DISTVERSION=	1.9.3
+DISTVERSION=	1.9.4
 CATEGORIES=	dns net
 MASTER_SITES=	https://downloads.powerdns.com/releases/
 

diff --git a/dns/dnsdist/distinfo b/dns/dnsdist/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1712317299
-SHA256 (dnsdist-1.9.3.tar.bz2) = f05b68806dc6c4d207b1fadb7ec715c3e0d28d893a8b3b92d58297c4ceb56c3f
-SIZE (dnsdist-1.9.3.tar.bz2) = 1577027
+TIMESTAMP = 1715595818
+SHA256 (dnsdist-1.9.4.tar.bz2) = 297d3a3751af4650665c9d3890a1d5a7a0467175f2c8607d0d5980e3fd67ef14
+SIZE (dnsdist-1.9.4.tar.bz2) = 1591994
diff --git a/security/vuxml/vuln/2024.xml b/security/vuxml/vuln/2024.xml
@@ -1,4 +1,36 @@
-  <vuln vid="5afd64ae-122a-11ef-8eed-1c697a616631">
+  <vuln vid="f2d8342f-1134-11ef-8791-6805ca2fa271">
+    <topic>dnsdist -- Transfer requests received over DoH can lead to a denial of service</topic>
+    <affects>
+      <package>
+	<name>dnsdist</name>
+	<range><lt>1.9.4</lt></range>
+      </package>
+    </affects>
+    <description>
+	<body xmlns="http://www.w3.org/1999/xhtml">
+	<p>PowerDNS Security Advisory reports:</p>
+	<blockquote cite="https://dnsdist.org/security-advisories/index.html">
+	  <p>When incoming DNS over HTTPS support is enabled using the nghttp2 provider,
+	    and queries are routed to a tcp-only or DNS over TLS backend, an attacker can
+	    trigger an assertion failure in DNSdist by sending a request for a zone transfer (AXFR
+	    or IXFR) over DNS over HTTPS, causing the process to stop and thus leading to a
+	    Denial of Service. DNS over HTTPS is not enabled by default, and backends are using
+	    plain DNS (Do53) by default.
+	  </p>
+	</blockquote>
+	</body>
+    </description>
+    <references>
+      <cvename>CVE-2024-25581</cvename>
+      <url>https://dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2024-03.html</url>
+    </references>
+    <dates>
+      <discovery>2024-05-13</discovery>
+      <entry>2024-05-13</entry>
+    </dates>
+  </vuln>
+
+<vuln vid="5afd64ae-122a-11ef-8eed-1c697a616631">
     <topic>Intel CPUs -- multiple vulnerabilities</topic>
     <affects>
       <package>